3 matches found
CVE-2018-15144
SQL injection vulnerability in interface/deidentificationforms/finddrugpopup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchterm parameter...
CVE-2018-15144
CVE-2018-15144 describes an SQL injection in OpenEMR’s interface/de_identification_forms/find_drug_popup.php for versions before 5.0.1.4. A remote authenticated attacker can execute arbitrary SQL via the search_term parameter. Affected: OpenEMR 5.0.1.3 and earlier. Root cause: unsafely constructe...
CVE-2018-15144
SQL injection vulnerability in interface/deidentificationforms/finddrugpopup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchterm parameter...